
Ubuntu Linux install and configure OpenSSH (SSHD) server

I am totally impressed with the new Ubuntu Linux server. The default installation did not install a single service :)

This gives pretty good control over the box. The following command returned nothing:
$ sudo netstat -tulpn

However, sshd is the bare minimum these days and it should be installed by default.

To install the OpenSSH server, type the following command:
$ sudo apt-get install openssh-server

Make sure openssh is running:
$ netstat -tulpn
Output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::22                   :::*                    LISTEN     3458/sshd

Now we will tighten openssh security. First, change the default port 22 to something else, such as 512. This will keep automated tools from trying to log in to your box:
$ sudo su -
# vi /etc/ssh/sshd_config

Find the line that reads as follows:
Port 22
Replace port 22 with 512:
Port 512
Save and close the file. Restart sshd:
# /etc/init.d/ssh restart
Output:

 * Restarting OpenBSD Secure Shell server... 

Finally make sure you open port 512 using iptables. Type the following command to list current firewall rules:
$ sudo iptables -L -n

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --             
ACCEPT     all  --             state RELATED,ESTABLISHED 
ACCEPT     tcp  --             tcp dpts:6881:6882 
ACCEPT     tcp  --             tcp dpt:443 
ACCEPT     udp  --             udp dpt:514 
ACCEPT     all  --           
ACCEPT     all  --           
ACCEPT     all  --           
LOG        all  --             LOG flags 0 level 4 
DROP       all  --             

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  

Use a GUI program such as firestarter to manage and open port 22 (ssh port).
$ sudo firestarter &
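
The steps above (set Port, restart sshd, open the port in iptables) only work if the rule set really contains a rule for the new port. The script below is an added example, not part of the original article: it reads the Port directive from sshd_config and looks for a matching tcp ACCEPT rule in the INPUT chain of `iptables -L -n` output. The function names and the sample inputs are constructed for illustration.

```shell
# Print every Port value in an sshd_config file; sshd uses 22 when none is set.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Reads `iptables -L -n` text on stdin. Succeeds if INPUT has a tcp ACCEPT rule for
# port $1 before a catch-all DROP/REJECT, or if the chain policy is ACCEPT.
# Simplification: source/interface limits and "ACCEPT all" rules are not evaluated.
port_accepted() {
    awk -v port="$1" '
        $1 == "Chain" { in_input = ($2 == "INPUT"); if (in_input) policy = $4; next }
        !in_input || NF == 0 || $1 == "target" { next }
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 6; i <= NF; i++) {
                split($i, f, ":")
                if (f[1] == "dpt" && f[2] + 0 == port + 0) { ok = 1; exit }
                if (f[1] == "dpts" && port + 0 >= f[2] + 0 && port + 0 <= f[3] + 0) { ok = 1; exit }
            }
        }
        ($1 == "DROP" || $1 == "REJECT") && $2 == "all" && (NF == 5 || $6 == "reject-with") { blocked = 1; exit }
        END { if (!ok && !blocked && policy ~ /^ACCEPT/) ok = 1; exit (ok ? 0 : 1) }
    '
}

# For each configured port, report whether the rule set would let a connection in.
check_ssh_port() {   # $1 = sshd_config path, $2 = file holding `iptables -L -n` output
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_accepted "$p" < "$2"; then echo "port $p: accepted"
        else echo "port $p: no tcp ACCEPT rule in INPUT"; rc=1; fi
    done
    return $rc
}

# Constructed sample inputs modelled on the article (addresses are placeholders).
sample_config() { printf '%s\n' '#Port 22' 'Port 512'; }
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6882
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:514
DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
}
tmp=$(mktemp -d); sample_config > "$tmp/cfg"; sample_rules > "$tmp/rules"
check_ssh_port "$tmp/cfg" "$tmp/rules" || true; rm -rf "$tmp"
```

On a live system, save the output of `sudo iptables -L -n` to a file and pass it to check_ssh_port together with /etc/ssh/sshd_config. In a chain that ends in a catch-all DROP, a rule appended with `iptables -A` lands after the DROP and never matches, so the port rule has to be inserted with `iptables -I INPUT`.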

Updated for accuracy.

  • alex November 9, 2006, 2:19 pm

    short but to the point and of use!

  • rich November 12, 2006, 11:30 am

    shouldn’t package name be openssh-server, hyphen is in wrong place?

  • nixCraft November 12, 2006, 12:29 pm


    Thanks for heads up! Article is updated!!!

  • Gabe November 30, 2006, 9:01 pm

    Hey! This is exactly what I was looking for. Thanks so much!

  • neon January 31, 2007, 7:49 am

    Well it seems to match. However SSH still isn’t working.

  • nixCraft February 1, 2007, 10:01 pm


    What error you are getting?

  • Cappy February 15, 2007, 12:56 am

    Hm … I can SSH into my server when the port is set to 22 but as soon as I set it up to a high number (30,000) and restart the ssh server all I get are server rejections. ssh -p 30000 cappy@ just won’t work =(

  • nixCraft February 15, 2007, 4:17 am

    Make sure firewall is not blocking your port 30000. Run following command to see current iptables.
    sudo iptables -L -n
    iptables -L -n

    Also /etc/hosts.allow and /etc/hosts.deny can block access.

  • Fulano February 27, 2007, 7:38 am

    I followed the instructions and I seem to be going alright, I can ssh locally as another user but I cannot seem to log in from remote locations, just seems to time out. Any ideas?

  • Cappy February 27, 2007, 9:12 am

    The problem was that I ran “/etc/init.d/ssh restart” as a user and not as an admin. It ended up giving a bunch of RSA errors and somehow prevented the system from switching ports when I then ran it from root. A simple reboot fixed it. Thanks for the guide!

  • xain March 29, 2007, 2:05 pm

    what is the point that after changing port from 22 to 512, but still to make sure iptables open port 22?

  • nixCraft March 30, 2007, 3:20 am


    It was typo and post has been updated. Thanks for heads up.

  • Markku April 1, 2007, 8:42 pm

    I can’t get it to work. When I try to run openssh-server it just says fail.

  • sungmin June 17, 2007, 8:09 pm

    what is difference with login in with login and password and with PUB key ? also what if I have 10 users who needs to login to my Linux box, what is best way for them to login ? with login and password or with PUB KEYS ?

  • brandon October 29, 2007, 3:40 am

    I can ssh from ubuntu to osX, but not from osX to ubuntu. I had the same situation where I could go from winXP to osX, but not the other way. Since it works ubuntu to osX does that mean I need to switch the dsa keys around, or do they work both ways? So, it seems like the problem must be in ubuntu’s firewall or the router’s portforwarding. When I setup portforwarding I feel like I should open port 22 for the mac’s ip if I want to get into the mac. Strangely that doesn’t work, but when I open port 22 for (the router’s ip) then I can ssh into the mac. I want to have SAMBA and VNC forwarded over ssh. I want the ubuntu to be headless but then I want to open VLC on the mac and watch a movie from the ubuntu. Once long ago I was able to get VNC to work both ways with a mac and a win2k machine. I don’t know what I’m doing wrong.

  • loh March 22, 2008, 3:05 pm

    First time installing ubuntu 7.10. This was very helpful.

  • El Perro Loco January 2, 2009, 2:44 pm

    Good article. Short, complete and to the point.

  • ssh_user April 7, 2009, 8:51 pm

    Ubuntu 8.10 64 bits, no firewall active.
    After changing ssh listening port from 22 to 2223, connecting fails, see dump below.
    Can somebody explain what can cause a ‘Read from socket failed: Connection reset by peer’. The question is in several forums, couldn’t find answers yet.


    jaap@jaap-laptop:~$ ssh -p 2223 jaap@localhost -vvv
    OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [] port 2223.
    debug1: Connection established.
    debug1: identity file /home/jaap/.ssh/identity type -1
    debug1: identity file /home/jaap/.ssh/id_rsa type -1
    debug1: identity file /home/jaap/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-3ubuntu1
    debug1: match: OpenSSH_5.1p1 Debian-3ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    Read from socket failed: Connection reset by peer

  • Japan Shah July 6, 2009, 5:15 am

    Thanks it works !!!

  • I can't see to get this working January 28, 2010, 10:28 am

    I try installing Ubuntu Server 8.10, and I tell u, installation went just fine. I get stuck on the part where u need to configure /etc/network/interfaces, that, because I need the server to have a static IP. I have ADSL connection, and IP’s r assigned by the modem/router (Thompson SpeedTouch). IP’s r configured as “start – end” “sbnetmask” that’s in the modem/router, and obvious it gives me the router IP number. Now, if I want to assign a static IP to the server it should be some like “” SM “” and what is Broadcast, Network and some other’s that has to be edited with “VIM”. I mean, I’m from windows xp, and I want to host my own web page, and mail server, plus some sharing files locally, maybe log-on remotely… that’s all I want; but this part is killing me. anyone willing to help please? thanks in advance.

  • Samuel Berryman February 27, 2010, 12:46 pm

    I have just installed Ubuntu 9.10 and it is all working fine! However when I try to install openssh like it tells me to above i get the following error:

    Reading Package Lists… Done
    Building dependency tree
    Reading state information… Done
    package openssh-server is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source
    E: Package openssh-server has no installation candidate

    I don’t know why it is doing this and really could do with some help please!

  • Dmitry April 12, 2010, 8:16 am

    I had the same problem.
    All you need do is to update your system:
    >sudo aptitude update

  • Melroy van den Berg May 21, 2010, 9:33 pm

    You can also try putty, I prefer that more than firestarter.

  • trioggle June 2, 2010, 2:05 am

    Firestarter is a firewall gui, putty is a shell client.

  • hejmiki September 10, 2010, 3:06 pm

    I think there is another TYPO

    correct me if I’m wrong
    You set up Port 22 –> Port 512

    and then in your output of sudo iptables -L -n
    there is no rule for accepting tcp on Port 512 but there is Port 514 (udp)
